Before you are able to set up reporting authorizations, you have to create authorization objects.
As soon as an authorization object is saved, it can be checked when a query is run. The user may not have the appropriate authorizations if he or she has not yet been assigned this authorization object.
Only when the user has been assigned the appropriate authorizations can he/she define and execute a query or navigate in an existing query.
If in the query a characteristic value or a node is excluded, a complete authorization check “*” is required.
...
1. In the SAP Easy Access initial screen of the SAP Business Information Warehouse, choose the path SAP Menu → Business Explorer → Authorizations → Reporting Authorization Objects.
2. Choose Authorization Object → Create. Give the authorization object a technical name and a regular name. Save your entries.
3. On the right-hand side of the screen, an overview of all the InfoObjects that are authorization-relevant is displayed.
Only those characteristics that have been flagged as authorization-relevant previously in the InfoObject maintenance screen can be assigned as fields for an authorization object. See also: Creating InfoObjects: Characteristics
4. Assign the InfoObject fields to the authorization object:
¡ Select the characteristics for which you want an authorization check of the selection conditions to be carried out.
¡ Select the InfoObject key figure (1KYFNM) if you want to restrict the authorization to a single key figure.
¡ Select the InfoObject (0TCTAUTHH) if you want to check authorizations for a hierarchy.
¡ Include the authorization field activity (ACTVT) in the authorization object if you want to check authorizations for documents.
5. Save your entries.
6. Go back to the initial screen of the authorization maintenance.
7. Choose Check for InfoProviders → Display to get a list of the InfoProviders that contain the InfoObjects that you selected and are therefore subject to an authorization check (where-used list). In the change mode you can exclude individual InfoProviders from the authorization check for this authorization object by removing the flag.
Authorization object: S_RSRSAREA
Name: Sales area
Fields: DIVISION, CUSTGROUP, 1KYFNM
Authorizations are created and maintained in the role maintenance screens.
...
1. Choose Authorizations → Roles → Change.
2. Specify the roles that you want to change and choose Change. This takes you to the role maintenance screen.
3. On the Authorizations tabstrip, choose the Expert mode for generating profiles option.
4. Choose the Enter Authorization Objects Manually option, and specify the objects that you require. Choose Enter. The authorization object is added to the role.
5. Choose Generate.
For more information, see Changing and Assigning Roles.
The user is now able to work with queries.
See also:
Authorizations for Working with a Query